update changelogs

3 years ago · 3d2d0ecab7
parent ac97268fb3
commit 3d2d0ecab7
8 changed files with 171 additions and 32 deletions
--- a/source/CE_releases.rst
+++ b/source/CE_releases.rst
@ -8,7 +8,7 @@ Community Edition
    :width: 600px
    :align: center

-As of January 2015 there have been *207* releases leading to the latest version *21.7*
+As of January 2015 there have been *208* releases leading to the latest version *21.7.1*
 named "Noble Nightingale".


--- a/source/releases/BE_19.7.rst
+++ b/source/releases/BE_19.7.rst
@ -434,7 +434,7 @@ Here is the full list of changes:
 * src: fix insufficient validation of guest-supplied data (e1000 device) `[11] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc>`__ 
 * src: fix IPv6 remote denial of service `[12] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc>`__ 
 * src: fix kernel memory disclosure from /dev/midistat `[13] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc>`__ 
-* src: fix reference count overflow in mqueuefs `[14] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:24.mqueuefs.asc>`__ 
+* src: fix reference count overflow in mqueuefs 32-bit compat `[14] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:24.mqueuefs.asc>`__ 
 * ports: hostapd 2.9 `[15] <https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog>`__ 
 * ports: nghttp2 1.39.2 `[16] <https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2>`__ 
 * ports: openldap 2.4.48 `[17] <https://www.openldap.org/software/release/changes.html>`__ 
@ -474,21 +474,20 @@ Here are the full patch notes:
 * firmware: handle file signature verify correctly with multiple fingerprint repositories
 * firmware: Aivian mirror is no longer active
 * firmware: Cloudfence mirror in Brazil added
-* plugins: os-acme-client 1.24 `[1] <https://github.com/opnsense/plugins/pull/1399>`__ 
 * plugins: os-bind 1.6 (contributed by crazy-max)
 * plugins: os-dnscrypt-proxy 1.5 (contributed by crazy-max)
-* plugins: os-grid_example 1.0 `[2] <https://docs.opnsense.org/development/examples/using_grids.html>`__ 
-* plugins: os-helloworld Python 3 compatibility `[3] <https://docs.opnsense.org/development/examples/helloworld.html>`__ 
+* plugins: os-grid_example 1.0 `[1] <https://docs.opnsense.org/development/examples/using_grids.html>`__ 
+* plugins: os-helloworld Python 3 compatibility `[2] <https://docs.opnsense.org/development/examples/helloworld.html>`__ 
 * plugins: os-nut 1.5 adds Riello driver (contributed by Michael Muenz)
-* plugins: os-sunnyvalley 1.0 `[4] <https://docs.opnsense.org/third_party_plugins.html>`__  `[5] <https://www.sunnyvalley.io/sensei>`__ 
-* src: fix panic from Intel CPU vulnerability mitigation `[6] <https://www.freebsd.org/security/advisories/FreeBSD-EN-19:13.mds.asc>`__ 
-* src: fix multiple telnet client vulnerabilities `[7] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc>`__ 
-* src: fix pts write-after-free `[8] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc>`__ 
-* src: fix kernel memory disclosure in freebsd32_ioctl `[9] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc>`__ 
-* src: fix reference count overflow in mqueuefs `[10] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc>`__ 
-* src: fix byhve out-of-bounds read in XHCI device `[11] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc>`__ 
-* src: fix file descriptor reference count leak `[12] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:17.fd.asc>`__ 
-* ports: libevent 2.1.11 `[13] <https://raw.githubusercontent.com/libevent/libevent/release-2.1.11-stable/ChangeLog>`__ 
+* plugins: os-sunnyvalley 1.0 `[3] <https://docs.opnsense.org/third_party_plugins.html>`__  `[4] <https://www.sunnyvalley.io/sensei>`__ 
+* src: fix panic from Intel CPU vulnerability mitigation `[5] <https://www.freebsd.org/security/advisories/FreeBSD-EN-19:13.mds.asc>`__ 
+* src: fix multiple telnet client vulnerabilities `[6] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc>`__ 
+* src: fix pts write-after-free `[7] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc>`__ 
+* src: fix kernel memory disclosure in freebsd32_ioctl `[8] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc>`__ 
+* src: fix reference count overflow in mqueuefs `[9] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc>`__ 
+* src: fix byhve out-of-bounds read in XHCI device `[10] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc>`__ 
+* src: fix file descriptor reference count leak `[11] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:17.fd.asc>`__ 
+* ports: libevent 2.1.11 `[12] <https://raw.githubusercontent.com/libevent/libevent/release-2.1.11-stable/ChangeLog>`__ 



--- a/source/releases/BE_21.4.rst
+++ b/source/releases/BE_21.4.rst
@ -14,6 +14,93 @@ the images can be found below as well.
 https://downloads.opnsense.com/


+--------------------------------------------------------------------------
+21.4.3 (August 11, 2021)
+--------------------------------------------------------------------------
+
+This business release is based on the OPNsense 21.1.8 community version
+with additional reliability improvements.
+
+The OpenVPN advisory tracked as CVE-2020-15078 does not affect the provided
+version 2.4.11, but the security audit will falsely flag it as vulnerable
+because the source of the audit is FreeBSD where OpenVPN was migrated to 2.5
+series already.
+
+Here are the full patch notes:
+
+* system: use ifinfo counters instead of pfctl in interface widget
+* system: prevent excessive config writes on LDAP import
+* system: do not split XMLRPC password into multiple pieces
+* system: fix IPv4 /31 assignment address assignment in shell
+* system: raised PHP memory limit to 1G
+* system: enable group sync for LDAP servers that do not return memberOf (contributed by rdd2)
+* system: isvalidpid() is not required for a single killbypid()
+* system: hide far gateway option for IPv6
+* system: Norwegian translation (contributed by Stein-Aksel Basma)
+* system: add HA sync entry for live log templates
+* system: add shell inactivity timeout feature for csh/tcsh
+* system: add Syslog-ng TLS transport options
+* system: remove unrelated service restarts from filter_configure_xmlrpc()
+* system: rotate interface statistics widget (contributed by FingerlessGloves)
+* interfaces: clear PPPoE SLAAC addresses on linkdown
+* interfaces: do not check for existing CARP interfaces midstream
+* interfaces: refactor IP address removal on configure
+* interfaces: set tunnel flag for IPv4 tunnel plus cleanups
+* interfaces: interface_configure() checks for enabled already
+* firewall: make sure net.pf.request_maxcount and table-entries are always aligned
+* firewall: add live log support for new filterlog format
+* firewall: set label for obsolete rule in live log (contributed by kulikov-a)
+* firewall: let live log use the newly provided rule log label instead of guessing it
+* firewall: calculate wildcard netmasks in aliases
+* dhcp: fix processing domain search list on static IPv6
+* dhcp: support ignore-client-uids in DHCPv4 (contributed by Kacper Why)
+* firmware: mask subscription in GUI output
+* firmware: add version/date header into check script as well
+* firmware: show update pending hint in system widget
+* firmware: add "-q" option for in-place opnsense-bootstrap run
+* firmware: fix grep call on FreeBSD 13 (contributed by Mariusz Zaborski)
+* firmware: correct return code on type change in opnsense-update
+* firmware: fix opnsense-code pull when ABI configuration is no longer there
+* firmware: fix upgrade with multiple repositories enabled
+* installer: assorted wording improvements
+* openvpn: fix invalid rules generated by wizard (contributed by kulikov-a)
+* openvpn: return empty list when /api/openvpn/export/accounts/ is called without parameters
+* console: throw error when opnsense-importer encounters an encrypted config.xml
+* mvc: catch all errors including syntax and class not found errors
+* mvc: bring back bind_textdomain_codeset() to fix possible faulty page rendering
+* mvc: migrated framework to Phalcon 4
+* mvc: return UUID in ApiMutableModelControllerBase::validateAndSave() if applicable
+* plugins: added variants support to share plugin code over different third-party software versions
+* plugins: added NO_ABI marker to themes
+* plugins: remove the use of $main_buttons in relevant code
+* plugins: compatibility fixes with Phalcon 4
+* plugins: os-acme-client 2.6 `[1] <https://github.com/opnsense/plugins/blob/stable/21.1/security/acme-client/pkg-descr>`__ 
+* plugins: os-etpro-telemetry 1.5 exclude stale data from telemetry upload
+* plugins: os-freeradius 1.9.15 `[2] <https://github.com/opnsense/plugins/blob/stable/21.1/net/freeradius/pkg-descr>`__ 
+* plugins: os-haproxy 3.4 `[3] <https://github.com/opnsense/plugins/blob/stable/21.1/net/haproxy/pkg-descr>`__ 
+* plugins: os-maltrail 1.8 `[4] <https://github.com/opnsense/plugins/blob/stable/21.1/security/maltrail/pkg-descr>`__ 
+* plugins: os-nut 1.8 `[5] <https://github.com/opnsense/plugins/blob/stable/21.1/sysutils/nut/pkg-descr>`__ 
+* plugins: os-telegraf 1.11.0 `[6] <https://github.com/opnsense/plugins/blob/stable/21.1/net-mgmt/telegraf/pkg-descr>`__ 
+* plugins: os-zabbix-agent 1.9 `[7] <https://github.com/opnsense/plugins/blob/stable/21.1/net-mgmt/zabbix-agent/pkg-descr>`__ 
+* plugins: os-zabbix4-proxy is now a plugin variant
+* plugins: os-zabbix5-proxy is now a plugin variant
+* src: axgbe: make sure driver works on V1000 platform and remove unnecessary reset
+* src: axgbe: remove unneccesary packet length check
+* ports: clog 1.0.2 fixes garbage header write on init
+* ports: curl 7.78.0 `[8] <https://curl.se/changes.html#7_78_0>`__ 
+* ports: filterlog adds CARP IPv6 support and moves label to previously reserved spot
+* ports: isc-dhcp 4.4.2-P1 `[9] <https://downloads.isc.org/isc/dhcp/4.4.2-P1/dhcp-4.4.2-P1-RELNOTES>`__ 
+* ports: libxml 2.9.12 `[10] <http://www.xmlsoft.org/news.html>`__ 
+* ports: nss 3.67 `[11] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.67_release_notes>`__ 
+* ports: openldap 2.4.59 `[12] <https://www.openldap.org/software/release/changes.html>`__ 
+* ports: pcre2 10.37 `[13] <https://www.pcre.org/changelog.txt>`__ 
+* ports: phalcon 4.1.2 `[14] <https://github.com/phalcon/cphalcon/releases/tag/v4.1.2>`__ 
+* ports: php 7.4.20 `[15] <https://www.php.net/ChangeLog-7.php#7.4.20>`__ 
+* ports: sudo 1.9.7p1 `[16] <https://www.sudo.ws/stable.html#1.9.7p1>`__ 
+* ports: suricata 5.0.7 `[17] <https://redmine.openinfosecfoundation.org/versions/166>`__ 
+
+
+
 --------------------------------------------------------------------------
 21.4.2 (July 09, 2021)
 --------------------------------------------------------------------------
--- a/source/releases/CE_18.1.rst
+++ b/source/releases/CE_18.1.rst
@ -364,7 +364,7 @@ Here are the full patch notes:
 * plugins: os-theme-cicada 1.0 (contributed by Rene via Team Rebellion)
 * src: mishandling of x86 debug exceptions `[1] <https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc>`__ 
 * src: multiple small kernel memory disclosures `[2] <https://www.freebsd.org/security/advisories/FreeBSD-EN-18:05.mem.asc>`__ 
-* src: timezone database information update `[3] <https://www.freebsd.org/security/advisories/FreeBSD-EN-18:06.tzdata.asc>`__ 
+* src: timezone database information updates `[3] <https://www.freebsd.org/security/advisories/FreeBSD-EN-18:06.tzdata.asc>`__ 
 * ports: ca_root_nss 3.37
 * ports: krb5 1.16.1 `[4] <https://web.mit.edu/kerberos/krb5-1.16/>`__ 
 * ports: liblz4 1.8.2 `[5] <https://github.com/lz4/lz4/releases/tag/v1.8.2>`__ 
@ -545,7 +545,7 @@ Here are the full patch notes:
 * src: fix mutli-wan traffic shaper on non-default gateway interfaces
 * src: ipsec crash or denial of service `[1] <https://security.freebsd.org/advisories/FreeBSD-SA-18:05.ipsec.asc>`__ 
 * src: vt console memory disclosure `[2] <https://security.freebsd.org/advisories/FreeBSD-SA-18:04.vt.asc>`__ 
-* src: multiple small kernel memory disclosures `[3] <https://security.freebsd.org/advisories/FreeBSD-EN-18:04.mem.asc>`__ 
+* src: multiple minor kernel memory disclosures `[3] <https://security.freebsd.org/advisories/FreeBSD-EN-18:04.mem.asc>`__ 
 * src: timezone database information update `[4] <https://security.freebsd.org/advisories/FreeBSD-EN-18:03.tzdata.asc>`__ 
 * ports: dnsmasq 2.79 `[5] <https://www.thekelleys.org.uk/dnsmasq/CHANGELOG>`__ 
 * ports: openssl 1.0.2o `[6] <https://www.openssl.org/news/secadv/20180327.txt>`__ 
--- a/source/releases/CE_18.7.rst
+++ b/source/releases/CE_18.7.rst
@ -305,7 +305,6 @@ Here are the full patch notes:
 * plugins: os-postfix fixes typo (contributed by Michael Muenz)
 * plugins: os-telegraf 1.7.2 adds validation messages to tags (contributed by Michael Muenz)
 * plugins: os-theme-cicada 1.9 (contributed by Team Rebellion)
-* plugins: os-theme-tukan 1.8 (contributed by Team Rebellion)
 * plugins: os-upnp removes unused function
 * plugins: os-zabbix-agent 1.4 `[4] <https://github.com/opnsense/plugins/pull/998>`__  (contributed by Frank Wall)
 * ports: cyrus-sasl 2.1.27 `[5] <https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html>`__ 
--- a/source/releases/CE_19.7.rst
+++ b/source/releases/CE_19.7.rst
@ -434,7 +434,7 @@ Here is the full list of changes:
 * src: fix insufficient validation of guest-supplied data (e1000 device) `[11] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc>`__ 
 * src: fix IPv6 remote denial of service `[12] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc>`__ 
 * src: fix kernel memory disclosure from /dev/midistat `[13] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc>`__ 
-* src: fix reference count overflow in mqueuefs `[14] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:24.mqueuefs.asc>`__ 
+* src: fix reference count overflow in mqueuefs 32-bit compat `[14] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:24.mqueuefs.asc>`__ 
 * ports: hostapd 2.9 `[15] <https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog>`__ 
 * ports: nghttp2 1.39.2 `[16] <https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2>`__ 
 * ports: openldap 2.4.48 `[17] <https://www.openldap.org/software/release/changes.html>`__ 
@ -474,21 +474,20 @@ Here are the full patch notes:
 * firmware: handle file signature verify correctly with multiple fingerprint repositories
 * firmware: Aivian mirror is no longer active
 * firmware: Cloudfence mirror in Brazil added
-* plugins: os-acme-client 1.24 `[1] <https://github.com/opnsense/plugins/pull/1399>`__ 
 * plugins: os-bind 1.6 (contributed by crazy-max)
 * plugins: os-dnscrypt-proxy 1.5 (contributed by crazy-max)
-* plugins: os-grid_example 1.0 `[2] <https://docs.opnsense.org/development/examples/using_grids.html>`__ 
-* plugins: os-helloworld Python 3 compatibility `[3] <https://docs.opnsense.org/development/examples/helloworld.html>`__ 
+* plugins: os-grid_example 1.0 `[1] <https://docs.opnsense.org/development/examples/using_grids.html>`__ 
+* plugins: os-helloworld Python 3 compatibility `[2] <https://docs.opnsense.org/development/examples/helloworld.html>`__ 
 * plugins: os-nut 1.5 adds Riello driver (contributed by Michael Muenz)
-* plugins: os-sunnyvalley 1.0 `[4] <https://docs.opnsense.org/third_party_plugins.html>`__  `[5] <https://www.sunnyvalley.io/sensei>`__ 
-* src: fix panic from Intel CPU vulnerability mitigation `[6] <https://www.freebsd.org/security/advisories/FreeBSD-EN-19:13.mds.asc>`__ 
-* src: fix multiple telnet client vulnerabilities `[7] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc>`__ 
-* src: fix pts write-after-free `[8] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc>`__ 
-* src: fix kernel memory disclosure in freebsd32_ioctl `[9] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc>`__ 
-* src: fix reference count overflow in mqueuefs `[10] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc>`__ 
-* src: fix byhve out-of-bounds read in XHCI device `[11] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc>`__ 
-* src: fix file descriptor reference count leak `[12] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:17.fd.asc>`__ 
-* ports: libevent 2.1.11 `[13] <https://raw.githubusercontent.com/libevent/libevent/release-2.1.11-stable/ChangeLog>`__ 
+* plugins: os-sunnyvalley 1.0 `[3] <https://docs.opnsense.org/third_party_plugins.html>`__  `[4] <https://www.sunnyvalley.io/sensei>`__ 
+* src: fix panic from Intel CPU vulnerability mitigation `[5] <https://www.freebsd.org/security/advisories/FreeBSD-EN-19:13.mds.asc>`__ 
+* src: fix multiple telnet client vulnerabilities `[6] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc>`__ 
+* src: fix pts write-after-free `[7] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc>`__ 
+* src: fix kernel memory disclosure in freebsd32_ioctl `[8] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc>`__ 
+* src: fix reference count overflow in mqueuefs `[9] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc>`__ 
+* src: fix byhve out-of-bounds read in XHCI device `[10] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc>`__ 
+* src: fix file descriptor reference count leak `[11] <https://www.freebsd.org/security/advisories/FreeBSD-SA-19:17.fd.asc>`__ 
+* ports: libevent 2.1.11 `[12] <https://raw.githubusercontent.com/libevent/libevent/release-2.1.11-stable/ChangeLog>`__ 



--- a/source/releases/CE_21.1.rst
+++ b/source/releases/CE_21.1.rst
@ -78,6 +78,7 @@ A hotfix release was issued as 21.1.9_1:
 * firmware: fix grep call on FreeBSD 13 (contributed by Mariusz Zaborski)
 * firmware: correct return code on type change in opnsense-update
 * firmware: fix opnsense-code pull when ABI configuration is no longer there
+* firmware: fix upgrade with multiple repositories enabled



--- a/source/releases/CE_21.7.rst
+++ b/source/releases/CE_21.7.rst
@ -32,6 +32,62 @@ can be found below as well.
 * Full mirror list: https://opnsense.org/download/


+--------------------------------------------------------------------------
+21.7.1 (August 04, 2021)
+--------------------------------------------------------------------------
+
+
+After some initial trouble with particular Intel network card instability
+and two installer shortcomings this brings the first round of stable
+updates, general improvements and even new features.
+
+The OpenVPN integration required a few more changes for the 2.5 series
+and Unbound would stall when the new cache restore feature was caching
+an empty response.
+
+Images have been reissued based on this version as well.
+
+Here are the full patch notes:
+
+* system: relax server certificate check for web GUI validation
+* system: use ifinfo counters instead of pfctl in interface widget
+* interfaces: packet capture quick select for all interfaces
+* firewall: make sure net.pf.request_maxcount and table-entries are always aligned
+* firewall: only set state options on rules when state is being tracked
+* firmware: fix opnsense-code pull when ABI configuration is no longer there
+* firmware: fix upgrade with multiple repositories enabled
+* firmware: sync plugins in console update
+* firmware: revoke 21.1 fingerprint
+* installer: fix possible hang when scanning for disks
+* installer: fix multiple disk selection
+* openvpn: fix genkey format on 2.5
+* openvpn: improve the cipher parsing
+* openvpn: untie server-ipv6 from server directive
+* openvpn: return empty list when /api/openvpn/export/accounts/ is called without parameters
+* unbound: reject invalid cache data
+* unbound: automatically add "do-not-query-localhost: no" on DoT when needed
+* unbound: support insecure-domain directive
+* mvc: bring back bind_textdomain_codeset() to fix possible faulty page rendering
+* ui: fix regression in subnet selector
+* plugins: os-bind 1.18 `[1] <https://github.com/opnsense/plugins/blob/stable/21.7/dns/bind/pkg-descr>`__ 
+* plugins: os-dnscrypt-proxy 1.9 `[2] <https://github.com/opnsense/plugins/blob/stable/21.7/dns/dnscrypt-proxy/pkg-descr>`__ 
+* plugins: os-postfix 1.20 `[3] <https://github.com/opnsense/plugins/blob/stable/21.7/mail/postfix/pkg-descr>`__ 
+* plugins: os-telegraf 1.12.0 `[4] <https://github.com/opnsense/plugins/blob/stable/21.7/net-mgmt/telegraf/pkg-descr>`__ 
+* src: revert upstream commit "e1000: Rework em_msi_link interrupt filter"
+* ports: switched to FreeBSD ports tree
+* ports: filterlog print "0" instead of "(null)" label
+* ports: krb5 1.19.2 `[5] <https://web.mit.edu/kerberos/krb5-1.19/>`__ 
+* ports: php 7.4.22 `[6] <https://www.php.net/ChangeLog-7.php#7.4.22>`__ 
+
+
+
+.. code-block::
+
+    # SHA256 (OPNsense-21.7.1-OpenSSL-dvd-amd64.iso.bz2) = d9062d76a944792577d32cdb35dd9eb9cec3d3ed756e3cfaa0bf25506c72a67b
+    # SHA256 (OPNsense-21.7.1-OpenSSL-nano-amd64.img.bz2) = 106b483993f252e27dfd5064f57b2800e68274cf036445a97308107144e601f9
+    # SHA256 (OPNsense-21.7.1-OpenSSL-serial-amd64.img.bz2) = 04abcd825dacbecda3eff90c8d086527b49b5d61c284442ef5d5bdd89b625004
+    # SHA256 (OPNsense-21.7.1-OpenSSL-vga-amd64.img.bz2) = 44068ee9369bc12a0226ee2e1f13a1409038953ee829e0de97abe359affbde0d
+
 --------------------------------------------------------------------------
 21.7 (July 28, 2021)
 --------------------------------------------------------------------------
@ -79,7 +135,6 @@ Here are the full patch notes:
 * system: circular logs are now disabled by default
 * system: removed unused traffic API dashboard feed
 * system: prevent use of client certificates in web GUI
-* system: lock config writes during HA merges
 * system: hide far gateway option for IPv6
 * system: isvalidpid() is not required for a single killbypid()
 * system: fix PHP 7.4 deprecated warning in IPv6 library
@ -237,7 +292,6 @@ We know it would not be the same without you.  <3
 Here are the full patch notes:

 * system: prevent use of client certificates in web GUI
-* system: lock config writes during HA merges
 * system: hide far gateway option for IPv6
 * system: isvalidpid() is not required for a single killbypid()
 * system: fix PHP 7.4 deprecated warning in IPv6 library